Download Security Issues: The RAL experience

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts

Henipavirus wikipedia , lookup

Transcript 
The Approach to Security in CLRC
Gareth Smith
With acknowledgements to all the members of the
CLRC Computer Network and Security Group,
especially Trevor Daniels and Chris Seelig.
Organisational Structure
CLRC IS Security Officer
Computer & Network
Security Group.
Departmental IS
Security Officers
Central Networking and
Computer Support Teams
History
• CNSG created in 1998 – result of audit
recommendations.
– Before security matters handled in separate
interest groups (e.g Windows NT).
– Manual checking of logs for scans and application
of network blocks in router.
– Creation of e-mail list for security matters.
1999 – Firewall Set-up
• Early:
– Drafting security policy.
– Some protocols filtered.
• Mid:
– Move server systems into given range of IP
addresses and block incoming TCP connections to
all others. Implemented in routers
– Tighten (and check) NT passwords.
• End:
– Start to put protocol filtering in for ‘servers’.
– Draft ‘incident recovery procedures’
2000
• As result of audit:
– Define systems of ‘High Business Impact”
– Modem registry
• Lovebug Virus – Approx 100 systems infected.
– Filters put in Exchange and use of Outlook
Security Patch.
2001
• Concerns over security of home PCs with ‘always on’
connections.
– Guidelines requiring anti-virus and personal firewall on
laptops & systems dialling in.
• Start internal audits of departments.
• Define rules for use of wireless LANs
• Concerns over IIS security – aim to reduce numbers of web
servers.
• Use e-mail blacklist to filter spam mail.
• Nimda worm/virus. About 6 systems infected.
– Force use of web cache.
2001 – Firewall Upgrade
• Upgrades to networking (within and off-site)
• Gnatbox
– http://www.gnatbox.com/
– PC based system.
• Some 300 – 400 rules.
2002
• Bad start to year with rise in number of incidents.
• Roll out of latest Internet Explorer Security Patch
within a week.
• Who knows what is next ……
Nimda Virus / Worm
• 4 methods of infection:
– E-mail
– Web browsing
– Network shares
– ‘Code Red’ worm.
E-mail protection
Anti Virus Scan (2)
Some attachments removed.
Anti Virus Scan (1)
Exchange
Server
Mail staging
Outlook
Client
Anti-Virus Scan (3)
Some attachments removed.
Lack of e-mail protection
Institute for fusion
in cold beer bubbles
IMAP
POP
LINUX
Client
RAL
Internet
Disk server
RAL Network
How have we been hacked (1)
• Anonymous ftp left open on web server.
– Found by anti-virus software.
– System being used as a repository.
– Analysis of logs was confusing
– Server had to be completely re-installed.
How have we been hacked
(2)
Boulby Mine
End
System
Router
ISDN
400km
CISCO
Router
RAL
Firewall
Internet
Concerns / Aims
• Concerns
– Rapidly spreading virus/worm.
• Need to subdivide network to contain any infection.
– Risks of web browsing
• Need to keep patching.
• Aims
– More than one line of defence in all cases.
Related documents
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
brehlik , kapás , váczi - ITIS Cannizzaro Colleferro
brehlik , kapás , váczi - ITIS Cannizzaro Colleferro
Cool SCIENCE! - University of California, Irvine
Cool SCIENCE! - University of California, Irvine
vet_virology_symposium
vet_virology_symposium
Understanding viruses classwork
Understanding viruses classwork
The Information Security Jigsaw The Technical Elements
The Information Security Jigsaw The Technical Elements
Possible Origin of Viruses
Possible Origin of Viruses
Lec.4.Communication software and the internet
Lec.4.Communication software and the internet
Symptoms of Ebola virus disease
Symptoms of Ebola virus disease
Professional LYSOL® Brand Disinfectant Deodorizing Cleaner
Professional LYSOL® Brand Disinfectant Deodorizing Cleaner
ECDHS418-Communicable Disease Fact Notification Letter
ECDHS418-Communicable Disease Fact Notification Letter
Part 1
Part 1
U3 SAC Oc2Task2 Bcel..
U3 SAC Oc2Task2 Bcel..
Infectious Disease
Infectious Disease
Security strategy
Security strategy
Chapter 19
Chapter 19
Internet Performance
Internet Performance
eng.fon.rs
eng.fon.rs
DOC - SANS Institute
DOC - SANS Institute
Reading Organizer Instructor Version
Reading Organizer Instructor Version
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
CS 356 – Lecture 9 Malicious Code
CS 356 – Lecture 9 Malicious Code